1. | |
2. | Select the Features node and click the Add Features link in the middle pane. This will launch the Add Features Wizard.
|
3. | Select the DirectAccess Management Console feature (see Figure 17). If prompted to add the Group Policy Management feature, select Add Required Features. Then click Next.
|
4. | Click Install to install the selected features.
|
5. | When the installation is complete, click Close to close the Add Features Wizard.
|
6. | Open the DirectAccess Management Console from Start | Administrative Tools | DirectAccess Management.
|
7. | Select the Setup node. You should notice a warning message indicating that the firewall is not configured to allow ICMPv6 Echo requests needed for Teredo. You will need to enable this on the local firewall and then access the management interface again.
|
8. | Once you have enabled ICMPv6 Echo requests, the DirectAccess Management console setup node should display the configuration window as seen in Figure 18.
|
9. | Click the Edit button under Step 1—Remote Clients.
|
10. | Add the Active Directory groups that contain computers you wish to allow to use DirectAccess. Then click Finish. You can create custom groups to limit DirectAccess usage only to computers you add to those groups.
|
11. | Next click the Configure button under Step 2—DirectAccess server.
|
12. | Designate which adapter is the external, Internet-facing connection. This is the adapter that inbound connections will connect to. Next, designate the adapter to be used for communications to the internal local area network (see Figure 19). This is the adapter that the DirectAccess server will pass traffic from the outside to, so that it can access internal resources. After selecting adapters, click Next.
|
13. | You now need to select the certificates that the DirectAccess server will use to provide connectivity (see Figure 20). You will need to select both the certificate of the certificate authority, and the local machine certificate used to secure DirectAccess communications. After selecting certificates, click Finish to complete Step 2.
|
14. | Click the Configure button under Step 3—Infrastructure Servers. The first option you need to configure is the location server. In our example, we installed the location server on the same server as DirectAccess. If the location server is collocated on the DirectAccess server, select the option Network Location server is running on the DirectAccess server and then select the certificate used to secure communications for the Network Location Server (see Figure 21). After selecting the Network Location Server, click Next.
|
15. | On the next screen, specify the DNS servers and domain controllers to be used by the DirectAccess server. After specifying DNS and DCs, click Next.
|
16. | You can optionally specify the IP address or IP prefix of servers that can manage clients connected via DirectAccess. For example, you could enter the IP addresses of antivirus management servers and software deployment servers here. This will allow those servers to initiate communications to DirectAccess connected clients. After entering the IP or IP prefix of management servers, click Finish.
|
17. | Finally, you need to specify any application servers that you want to allow DirectAccess clients to connect to. Click Configure under Step 4—Application Servers.
|
18. | If you want to provide end-to-end authentication, select that option and choose the domain groups that contain computers that DirectAccess clients should be able to access. If you do not need to provide full end-to-end authentication, then select the option Require no additional end-to-end authentication. Then click Finish.
|
19. | Now that you have completed all four configuration steps, click the Finish button on the main DirectAccess configuration page. You will be prompted with a DirectAccess review page. Verify all DirectAccess settings and click Apply as seen in Figure 22.
|
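
Step 7 says to enable ICMPv6 Echo requests on the local firewall but does not show how. One way to do it with netsh from an elevated PowerShell prompt on the DirectAccess server, given here as an added example that is not part of the original procedure; the rule names are made up for illustration, and adding an outbound rule alongside the inbound one is an assumption.

```powershell
# Added example: allow ICMPv6 Echo Request (ICMPv6 type 128) through
# Windows Firewall so the Teredo warning in step 7 clears.
# Rule names below are constructed for this example.
$rules = @(
    @{ Name = 'DA-ICMPv6-EchoRequest-In';  Dir = 'in'  },
    # Assumption: an explicit outbound rule is added as well, in case the
    # outbound default has been changed from "allow" to "block".
    @{ Name = 'DA-ICMPv6-EchoRequest-Out'; Dir = 'out' }
)

foreach ($r in $rules) {
    # "show rule" exits non-zero when no rule with this name exists,
    # which keeps the script safe to run more than once.
    & netsh advfirewall firewall show rule "name=$($r.Name)" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Rule already present: $($r.Name)"
        continue
    }

    # Arguments are passed as quoted strings in an array: an unquoted
    # "icmpv6:128,any" would be split at the comma by PowerShell.
    $addArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$($r.Name)",
        'protocol=icmpv6:128,any',   # type 128 = Echo Request, any code
        "dir=$($r.Dir)",
        'action=allow'
    )
    & netsh $addArgs
    if ($LASTEXITCODE -ne 0) {
        throw "Failed to create firewall rule: $($r.Name)"
    }
}

# Show the resulting rules so protocol, direction and profiles can be checked.
foreach ($r in $rules) {
    & netsh advfirewall firewall show rule "name=$($r.Name)" verbose
}
```

After the rules are in place, reopen the DirectAccess Management console as step 7 describes; the rules apply to all firewall profiles unless you restrict them with a `profile=` argument.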